package com.aaa.security;

import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;

@Component
public class RbacConfig {
    // 先判断权限，如果返回false，在判断是否已经认证


    /*
        方法的返回值必须是boolean类型
     */
    public boolean hasAuthority(Authentication authentication, HttpServletRequest request){
        System.out.println("鉴权");
        // 判断是否已经认证
        Object principal = authentication.getPrincipal();
        if((principal instanceof String) && principal.toString().equals("anonymousUser")){
            // 未认证：Full authentication is required to access this resource
            return false;
        }else {
            // 判断权限
            /**
             * 1.请求路径
             *
             * 2.角色权限+请求路径
             */
            String uri = request.getRequestURI();
            return true;// Access is denied
        }
    }

    public static void main(String[] args) {
        Object a = 2;
        System.out.println(a.getClass());

        if(a instanceof String){
            System.out.println("1");
        }

        if(a instanceof Integer){
            System.out.println(2);
        }
    }
}
